sample config: document how to make CSPPlug send STS headers (off by default to allow...

diff --git a/lib/mix/tasks/sample_config.eex b/lib/mix/tasks/sample_config.eex
index 3881ead26dacad84a5c5f8d50af6809203ab9d1c..824bc97a1a9cf0b8f91abf421b361c40a5f5ebd4 100644 (file)
--- a/lib/mix/tasks/sample_config.eex
+++ b/lib/mix/tasks/sample_config.eex
@@ -25,6 +25,10 @@ config :pleroma, Pleroma.Repo,
   hostname: "localhost",
   pool_size: 10
 
+# Enable Strict-Transport-Security once SSL is working:
+# config :pleroma, :csp,
+#   sts: true
+
 # Configure S3 support if desired.
 # The public S3 endpoint is different depending on region and provider,
 # consult your S3 provider's documentation for details on what to use.